Government cybersecurity readiness declining, according to survey
The government sector is unprepared in aggregating risk intelligence and performing risk assessments, according to the 2017 Global Cybersecurity Assurance Report Card compiled by Tenable Network Security and research partner CyberEdge Group.
Surveying 700 security practitioners across seven industry verticals and nine countries, Tenable measured the abilities of IT professionals to assess cybersecurity risks and mitigate threats.
The government “industry” (which provided 37, or 5.3 percent, of responses) dropped three points from its assessment in 2016, scoring a 63 percent (D) and ranking at the bottom – below education – thanks to a 59 percent ranking in risk assessment and a 67 percent score in security assurance.
Risk assessment grades the ability to assess cybersecurity risks across 11 enterprise IT infrastructure components, while security assurance looks at the ability to mitigate threats by investing in security infrastructure fueled by executive and board-level commitment.
The United States as a whole (which represented 270, or 38.6 percent, of responses) dropped two points, to a C+ average, though it’s still scores still sit above the 70 percent global average (thanks to second-highest seatings on risk assessment and security assurance, behind India).
The United States’ strengths are considered to be measuring security effectiveness, viewing network risks continuously and conveying risks to executive and board members, while weaknesses are listed as aggregating risk intelligence, assessing cloud environments and assessing DevOps environments.
Following major breaches recorded at the IRS, OPM and SSA, among others, challenges in the future look to be, according to the survey, the evolving and multiplying cyber threat environment, low security awareness among employees, lack of network visibility, shortage of qualified workers, a lack of effective security products, a lack of budget and a lack of effective reporting.
The entire report can be accessed on Tenable’s website.
Source: http://www.federaltimes.com/articles/government-cybersecurity-readiness-declining-according-to-survey
Surveying 700 security practitioners across seven industry verticals and nine countries, Tenable measured the abilities of IT professionals to assess cybersecurity risks and mitigate threats.
The government “industry” (which provided 37, or 5.3 percent, of responses) dropped three points from its assessment in 2016, scoring a 63 percent (D) and ranking at the bottom – below education – thanks to a 59 percent ranking in risk assessment and a 67 percent score in security assurance.
Risk assessment grades the ability to assess cybersecurity risks across 11 enterprise IT infrastructure components, while security assurance looks at the ability to mitigate threats by investing in security infrastructure fueled by executive and board-level commitment.
The United States as a whole (which represented 270, or 38.6 percent, of responses) dropped two points, to a C+ average, though it’s still scores still sit above the 70 percent global average (thanks to second-highest seatings on risk assessment and security assurance, behind India).
The United States’ strengths are considered to be measuring security effectiveness, viewing network risks continuously and conveying risks to executive and board members, while weaknesses are listed as aggregating risk intelligence, assessing cloud environments and assessing DevOps environments.
Following major breaches recorded at the IRS, OPM and SSA, among others, challenges in the future look to be, according to the survey, the evolving and multiplying cyber threat environment, low security awareness among employees, lack of network visibility, shortage of qualified workers, a lack of effective security products, a lack of budget and a lack of effective reporting.
The entire report can be accessed on Tenable’s website.
Source: http://www.federaltimes.com/articles/government-cybersecurity-readiness-declining-according-to-survey
Comments